Chapter 6 Configuration Management for Classified Equipment


Infosec Engineering for TEMPEST Engineers
Bruce Gabrielson, PhD

Introduction

The complexity of a configuration management (CM) program depends, as do many other issues, on what is defined as an automated information system (AIS). An AIS is not, strictly speaking, a single computer system. An AIS is an assembly of computer hardware, firmware and software that is configured to collect, create, communicate, compute, disseminate, process, store and/or control data or information. The AIS, therefore, can consist of many components which work together to form a single function. This single function theory forms the basis for the configuration management controls that have evolved in various organizations.

Scope

This chapter evaluates configuration management requirements and associated life-cycle management needs, plus techniques employed by various organizations to control equipment used for classified data processing. Configuration management requirements are imposed on networked and stand-alone, sometimes TEMPEST-approved, automated information systems (AISs). The study will focus primarily on personal computers and computer workstations usually intended for a classified processing environment. Organizational comparisons are included in Appendix A.

Introduction to Configuration Management

Configuration management consists of identifying, controlling, accounting for, and auditing all changes made to a particular system or equipment during its life cycle. In particular, as related to equipment used to process classified information, equipment can be identified in categories of COMSEC, TEMPEST, or as a Trusted Computer Base (TCB).

The Trusted Computer System Evaluation Criteria (TCSEC) requires that all changes to the TCB for classes B2 through A1 be controlled by configuration management. Although the "rainbow series" documentation mostly relates to software controls for trusted computers, configuration management is not limited to only this function. The TCSEC gives the following as the Assurance Control Objective:

"Systems that are used to process or handle classified or other sensitive information must be designed to guarantee correct and accurate interpretation of the security policy and must not distort the intent of that policy. Assurance must be provided that correct implementation and operation of the policy exists throughout the system's life cycle."

What Does Configuration Management Mean?

Configuration management can be thought of as a quality-assurance (QA) discipline which incorporates aspects involving both identification and authentication of objects within a system. It controls changes to system software, firmware, hardware, and documentation throughout the life of the AIS. This includes the design, development, testing, distribution, and operation of modifications and enhancements to the existing system. More specifically, configuration management applies direction to: 1) identify and document the functional and physical characteristics of each configuration item for a product; 2) manage all changes to these characteristics; and 3) record and report the status of change processing and implementation. In other words, configuration management is the means used to protect a system against unauthorized modifications, and it ensures that all protection properties of a system work only as intended and are maintained after an authorized modification takes place.

CM TASKS
1) Identification: identify and document the functional and physical characteristics of each configuration item for a product.
2) Control: manage all changes to these characteristics.
3) Status Accounting and Audit: record and report the status of change processing and implementation.

Configuration management is really a process of engineering sound and secure operating practices into the AIS. As such, controls are placed on AISs to ensure that every change in hardware, software, firmware, operational procedures, or documentation is verified and approved by the authorized or controlling party for the AIS. These security controls can be broken down into four separate tasks: identification, control, status accounting, and auditing. These tasks are applied through various techniques to ensure correct operation of the system.

Life-Cycle Management

Life-Cycle Management (LCM) is applied to programs, projects, and activities concerned with the design, development, deployment, and operation of computing and telecommunications resources. Formal LCM is a control process applied by DoD directive [1] to expenditures on new information systems, and to expenditures on the modernization of existing systems. Control decisions for all expenditures are based on the total anticipated benefits that will be derived over the life of the new system, or that will be derived over the life of a modified and improved information system.

LCM Phases
Phase 0: Need Justification Phase
Phase 1: Concepts Development Phase
Phase 2: Design Phase
Phase 3: Development Phase
Phase 4: Deployment Phase
Phase 5: Operations Phase

LCM is used to control expenditures on new or upgraded systems to ensure that the benefits derived cost-effectively satisfy mission needs to the greatest extent possible. For information security, LCM is intended to safeguard information resources using prescribed protective measures and controls to meet the specified security requirements. Information policy and procedures, functional requirements, information flows, information technology, telecommunications, security requirements, and other elements are integrated into the planning and evaluation of each alternative program concept.

Technology Life-Cycle

Technology life-cycle (TLC) describes the value gain of a product through the expense of the research and development phase, and the financial return during its "vital life". Information technologies have a relatively short lifespan, requiring constant re-evaluation and improvement to keep abreast of industry enhancements or threat increases. Within the commercial world, technology life cycle is concerned with the time and cost of developing the technology, the timeline of recovering cost, and modes of making the technology yield a profit proportionate to the costs and risks involved.
In the information security world, particularly in DoD, life-cycle is concerned with continued protection of mission assets through reliability, availability and maintainability, the RAM process. Figure 1 depicts the traditional TLC process.

Figure 1 Technology Life-Cycle (plot of Value against Time; labels: R&D, Maturity, Useful Life)

[1] NUMBER , Life-Cycle Management of Automated Information Systems (AISs); NUMBER , DoD Information Resources Management Program; DoDD , Major and Non-Major Defense Programs Acquisitions

Software Life-Cycle

Unfortunately, software is only as secure as the ability of the developers to make it secure. Historically, applications are developed in a way that doesn't always ensure that all vulnerabilities are mitigated prior to release, particularly in the world of commercial-off-the-shelf (COTS) solutions. For this reason, many applications require continuous improvements (called patch management) to enhance their secure operational characteristics. Additionally, a host of external protection mechanisms have evolved to help further protect these applications from internal and external threats.

Configuration Item Identification

The function of configuration item identification is to identify the components of a system for traceability. As such, the AIS must be decomposed into identifiable, understandable, manageable, and traceable units known as configuration items. Traceability extends from the initial system baseline through the system's entire life cycle. Once something is designated a configuration item early in the system's development, every change must be under CM control.

CONFIGURATION ITEM IDENTIFICATION
The smallest identifiable and understandable item in the system that can be changed and that might have an effect on the system's operation or security profile is considered a configuration item. A configuration item represents the portion of the system subject to independent configuration management control procedures.

The smallest item in the system that can be changed and that might have an effect on the system's operation or security profile is considered a configuration item. Not only are the hardware and software in the system controlled, but the design, user documentation, and system tests are also under control. The following list represents common system components decomposed into configuration items:

1) Software and firmware components of the baseline design.
2) Any changes to the TCB hardware, software, and firmware since the previous baseline.
3) Design and user documentation.
4) Software tests including functional and system integrity tests and associated documentation.
5) Development tools including any configuration management tools.
6) Any tools used for generating current configuration items.
7) Any audit trail reduction tools used in the configuration management context.
8) Maintenance guidelines.
9) Any other components of the AIS as broadly defined.

Each configuration item is individually indicated by a unique identifier, plus information related to the item's effect on the system. This information is contained in the Configuration Management Plan for the AIS. When alterations or additions to the existing configuration occur, a new unique identifier is assigned. Identifiers are assigned early in the design of a system to ensure traceability of each new configuration change over its life cycle.

It is important to select configuration item components that are appropriate for the system's size. Many small components will overwhelm the system auditors, while components that are too large will require considerable identification data.

Configuration Control

Configuration control involves the evaluation, coordination, and approval/disapproval of a proposed change. If a particular change is approved and later identified as a problem, the traceability control function allows for re-configuring to the previous state. The initial aim of configuration control is to control the system configuration as it was initially designed and specified in the design documents.

The Configuration Management Plan is a simple description of what is to be done to implement configuration management in the AIS. The document is flexible and intended to be upgraded as additional needs are placed on the system. Since configuration control applies to both baseline design and changes, it must also address formal policies and procedures for correcting any security problems identified in a system or product.

Changes are normally implemented through an Engineering Change Order (ECO). Note that changes to software sometimes aren't completely reflected in an ECO. A general format for ECOs is provided below:

1) The ECO provides an orderly mechanism to propagate change across the system and assure synchronization, connectivity, and continuity of alterations.
2) The preparation of ECOs is under Configuration Change Board control.
3) No system change of any kind can occur without direction by an ECO.
4) Each ECO retains the identities of the initiating Service Improvement Request (SIR) or other related SIRs or ECOs.
5) ECOs are retained as evidence of formal change review and approval.

CONFIGURATION CONTROL
CC covers the evaluation, coordination, and approval/disapproval of a proposed change. It attempts to control the system configuration as it was initially designed and specified in the design documents. The CM Plan is a simple description of what is to be done to implement CM in the AIS. Changes are implemented through an Engineering Change Order (ECO).

CONFIGURATION CONTROL PROGRAM (CCP)
Provides for constant checking and approval of changes. Control is implemented at the individual AIS level and at each site for multiple AISs. A mechanism must be in place to ensure each site receives the same version of the system and that no single AIS can act to compromise the entire system. Control is especially important when different contractors are used to provide maintenance.

When any subsequent configuration item changes are made to the AIS, not only must each change be formally approved by the controlling party, but the Configuration Management Plan and all related material must also be upgraded to ensure complete auditability.

A configuration control program should provide for constant checking and approval of changes. Control is implemented at the individual AIS level and at each site when multiple AISs are used. The mechanism must be in place to ensure each site receives the same version of the system and that no single AIS can act to compromise the integrity of the entire system. This control is especially important when different contractors are used to provide maintenance to controlled equipment.

Configuration Control Board (CCB)

Configuration control functions are flexible and do not necessarily require a formal control board for their implementation. The TCSEC requires that a formal board of qualified individuals be established for Class B2 and above. The CCB should include members representing the following areas:

- Program Management
- System Engineering
- Quality Assurance
- Technical Support
- Integration and Test
- System Installation
- Technical Installation
- Hardware and Software/Firmware Acquisition
- Program Development
- Security Engineering
- User Groups

Configuration Status Accounting

CONFIGURATION STATUS ACCOUNTING
The mechanism by which progress on developing systems is reported. The objective is to record and report on all CM information significant to system security. Procedures enable logistics support such as instruction manuals and maintenance histories.

Configuration status accounting is the mechanism by which progress on developing systems is reported.
Establishment of a new baseline or meeting a design milestone are examples of what should be recorded as configuration status accounting information. Its objective is to record and report on all configuration management information of significance to the security of the system. Data recording, storing, and reporting are the primary means of accomplishing this task. Nearly any format for recording this information is acceptable, including on-line databases. The accounting procedures enable logistics support such as instruction manuals and maintenance histories to be developed. Sufficient information should be available that a complete history of any AIS can

Configuration Audit

The configuration audit involves checking that the configuration accounting information is complete. Proposed changes are reviewed and audited for their effect on the entire system. Changes include both review and testing. The audit minimizes the likelihood that a particular change will be implemented without formal review. The configuration audit should verify that:

- The architectural design satisfies the requirements,
- The detailed design satisfies the architectural design,
- The software code implements the detailed design,
- The item/product performs per the requirements,
- The configuration documentation,
- The item/product match

Both hardware design and software code audits follow roughly the same review and formal audit procedures.

Baselines

When a product is under development, baselines are established at pre-selected design points in the system life cycle. Baselines are defined corresponding to major design or life-cycle milestones, normally established by the Configuration Control Board. Each baseline serves as a cutoff point or completion point for one segment of the development process. The characteristics common to all baselines are that the design of the system is approved to that point and that any future changes to the design will impact the system.

The initial baseline established is the functional baseline. It is derived from the requirements documentation which lists performance criteria. The final baseline, the product baseline, contains the finished version of the system that is turned over to integration testing or other end item testing. This baseline documents the version of the system at the end of the development phase and nearing final release.

Equipment Repair and RCM (Both COTS and GOTS)

For all equipment, certain maintainability principles apply during its life cycle.
Maintainability Engineering is intended to guide initial equipment designers in optimizing maintainability requirements, reliability, and logistics effectiveness by taking into consideration the support and maintenance of a system. Maintenance Engineering includes maintenance procedures, maintenance instructions, maintenance task analysis, and resource requirements in personnel, equipment, and facilities to conduct a Logistics Support Analysis. Reliability Centered Maintenance (RCM) is a method for developing maintenance programs utilizing analytical methods to determine the amount of maintenance and optimum distribution of tasks which are essential to preserving the inherent safety, reliability, and security of the system, consistent with the lowest life-cycle cost.

A formal RCM process can be developed for most programs. One important aspect of this approach is breaking the system into discrete indenture levels to facilitate management of the analysis, upgrade, or maintenance program. The breakdown resembles the SSEM levels used by the Air Force. This type of breakdown can provide the basis for assessing impacts, including security impacts, whenever equipment is evaluated for maintenance, upgrade, or repair.

An analysis of equipment reliability, in large part, should drive the decision about the work content of an RCM program. For a classified processing system, security rather than long-term reliability becomes the driving requirement. For a TEMPEST AIS, if the repair or upgrade is not a critical feature, such as installing a larger hard disk or more RAM, it can normally be added without an extensive RCM process in place and without any additional TEMPEST testing. If a commercial, discrete component or particular electronic circuit package is required to repair an AIS, this new part can be used without a TEMPEST or AIS re-test so long as it has the same specified value or the same logic family. In either case, a formal RCM process would be beneficial for tracking purposes, since the repair information must be maintained in a configuration management program of some type.

Vulnerability Survey

A risk analysis is required for every AIS to meet C2 functionality as described in DoDD. These risk assessments do not cover in detail the emission requirements for TEMPEST type equipment. For this equipment, some relaxation of emission requirements is allowable based on whether the equipment is to be used inside or outside the United States. Regardless of the emission level acceptable, one of the following measures is required for acceptance of formal TEMPEST equipment: an Equipment TEMPEST Radiation Zone (ETRZ) must be established, a vulnerability study must be performed, or each item of equipment must be TEMPEST-compliant.
Establishing an ETRZ, or performing a zone test on a facility, is simple when equipment is to be used in one general location. The limitations are that the TEMPEST profile of each item of equipment must be known, and the equipment is only acceptable so long as it is located in an area where the zone limitations are also known.

One simple method of establishing an ETRZ with non-TEMPEST commercial equipment is to assume that all emissions from the particular equipment are compromising. Since COTS equipment meets Federal Communications Commission (FCC) emission limits, its maximum radiated emission profile can be predicted. The difference between the FCC limits and the relevant TEMPEST limits establishes the amount of attenuation (or space loss) necessary to be TEMPEST-compliant within a zone. Although acceptable and sometimes used, this type of analysis should only be undertaken by an individual experienced in this technique.

An inexpensive TEMPEST quick-scan of modified equipment is acceptable in a vulnerability analysis when upgrade or modification changes affect critical items, depending on which items are modified and how. It is beyond the scope of this document to define the exact conditions of usage and criteria whereby scan information is allowed.

In most cases tactical equipment is initially TEMPEST-compliant. Any modification which employs COTS equipment must be evaluated by one of the three methods specified. Approval to use equipment that is less than fully TEMPEST-compliant is the responsibility of the Certified TEMPEST Authority for the service or organization involved. In the continental US, TEMPEST equipment does not need to meet the same standards as equipment used outside the U.S.

Continuing Life-Cycle through Decommissioning

Once the product has been delivered and deployed, continuing dialog with the customer is necessary to solicit feedback, identify software bugs or vulnerabilities, and learn of new capabilities that may be useful to implement. This dialog may also identify capabilities that other products can provide. As with all life cycles, the stages of TLC (requirements gathering, design and development, quality assurance testing, distribution, software change and configuration, and maintenance) are all part of the application life cycle, as is decommissioning.

Conclusions

Configuration Management is an essential part of every AIS. The program's complexity depends on how the AIS is defined. Since an AIS may consist of many computers and peripherals of various sizes working together in support of a single function, this "single function" theory forms the basis of defining AIS boundaries. Computer systems that share their functionality are identified as self-contained AIS. From either perspective, formal configuration management controls have been imposed.

Successful configuration management is built around four main objectives: control, identification, accounting, and auditing. It is a requirement for trusted systems in classes B2 and above. However, a CM system should be in place for all systems regardless of class ratings or trust requirement. Configuration management supports the engineering practices, operational objectives, and security requirements of an overall quality assurance program.

Configuration management must also be considered a vital element of the AIS security posture. However, it is not strictly a security control and traceability tool.
It has historically been specified as part of operational documents. The CM documentation should be an ongoing process accurately reflecting the entire system at all times. No changes to the system should be performed, including upgrades and ad hoc procedures, without documenting those changes in the configuration document.

CM CONCLUSIONS
Configuration Management is an essential part of every AIS, regardless of the level of trust imposed. The program's complexity depends on how the AIS is defined. Since an AIS may consist of many computers working together in support of a single function, this "single function" theory forms the basis of defining AIS boundaries, hence CM requirements. CM is built around four main objectives: control, identification, accounting, and auditing.

Configuration management should be included as an overall philosophy, not just a policy. The documentation necessary to support the CM philosophy is the configuration documentation. It should contain the initial system configuration as installed and operational. This is considered the "baseline."

The configuration management documentation and other appropriate system security documentation must be maintained by the appropriate personnel. Proposed changes to the system should be placed before a configuration panel. This panel, composed of systems, applications, users, and security experts, will evaluate each proposed change for its impact on the system. The panel will then determine whether to grant the new configuration request. An effective configuration management system should accurately document what was required to be built, what was built, and what is presently being built.

Appendix A Organizational Requirements

CM REQUIREMENT DOCUMENTS
Most, but not all, CM requirements for defense organizations evolved from the Trusted Computer System Evaluation Criteria (DOD STD). COMSEC CM requirements, TEMPEST requirements, and SCIF installation requirements evolved from other sources. Currently the various Government organizations have generated individual requirements to cover their own needs.

NCSC-TG-006 Version-1, A Guide to Understanding Configuration Management in Trusted Systems

This is the primary configuration management document of the "Rainbow Series." As discussed in Section , the document applies primarily to software-type controls rather than hardware controls of trusted computer bases (TCBs). The following information is applied to class A1 systems. Class B2 systems apply Requirements 1 through 11. Class B3 system requirements are listed as the same as B2 systems. However, since class B3 systems require more documentation, this means that the additional documentation will be maintained under the CM program.

DOD STD, CSC-STD: DOD TRUSTED COMPUTER SYSTEM EVALUATION CRITERIA
Addresses security requirements for ADP systems acquisitions: 1) specific security feature requirements; 2) assurance requirements.

Class A1 Trusted Systems Configuration Management Requirements:

1. During development and maintenance of the TCB, a configuration management system shall be in place.
2. The configuration management system shall maintain "control of changes to the descriptive top-level specification (DTLS)."
3. The configuration management system shall maintain control of changes to "other design data."
4. The configuration management system shall maintain control of changes to "implementation documentation."
5. The configuration management system shall maintain control of changes to the "source code."
6. The configuration management system shall maintain control of changes to "the running version of the object code."
7. The configuration management system shall maintain control of changes to "test fixtures."
8. The configuration management system shall maintain control of changes to test "documentation."
9. The configuration management system shall assure a consistent mapping among all documentation and code associated with the current version of the TCB.
10. The configuration management system shall provide tools "for generation of a new version of the TCB from the source code."
11. The configuration management system shall provide "tools for comparisons of a newly generated TCB version with the previous version in order to ascertain that only the intended changes have been made in the code that will actually be used as the new version of the TCB."
12. During the entire life cycle, i.e., during the design, development, and maintenance of the TCB, a configuration management system shall be in place for all security-relevant hardware, firmware, and software.
13. The configuration management system shall maintain control of changes to the TCB hardware.
14. The configuration management system shall maintain control of changes to the TCB software.
15. The configuration management system shall maintain control of changes to the TCB firmware.
16. The configuration management system shall maintain control of changes to the formal model.
17. The configuration management system shall maintain control of changes to the formal top-level specifications.
18. The tools available for configuration management shall be maintained under strict configuration control.
19. A combination of technical, physical, and procedural safeguards shall be used to protect from unauthorized modification or destruction the master copy or copies of all material used to generate the TCB.

DOD STD, CSC-STD , DoD Trusted Computer System Evaluation Criteria, 15 August 83

There are two distinct sets of security requirements for ADP systems acquisitions. These requirements are: 1) specific security feature requirements, and 2) assurance requirements.
Assurance requirements apply to systems that cover the full range of computing environments from dedicated controllers to full-range multilevel secure resource-sharing systems. Assurance provisions from DoDD were previously discussed for Navy applications in Section Configuration Management Sections Configuration management is one of the assurance control and evaluation criteria specified in DoDS As stated in Section 3.0, these criteria provide a basis for the evaluation of the effectiveness of trusted security controls (primarily software) built into ADP system products. However, no formal configuration management requirements are called out for trusted systems below the level of B2. The following discussion describes the formal CM requirements for classes B2 and above. Configuration management is required at the B2, B3, and A1 processing levels. The requirements at the B2 and B3 levels are identical; the requirements at the A1 level are more stringent. The requirements are provided below: 6-12

a. Classes B2 and B3 - Structured Protection: Life-Cycle Assurance - Configuration Management

"During development and maintenance of the TCB, a configuration management system shall be in place that maintains control of changes to the descriptive top-level specification, other design data, implementation documentation, source code, the running version of the object code, and test fixtures and documentation. The configuration management system shall assure a consistent mapping among all documentation and code associated with the current version of the TCB. Tools shall be provided for generation of a new version of the TCB from source code. Also available shall be tools for comparing a newly generated version with the previous TCB version in order to ascertain that only the intended changes have been made in the code that will actually be used as the new version of the TCB."

b. Class A1 - Verified Design: Life-Cycle Assurance - Configuration Management

Class A1 provisions include the previous requirements plus the additional requirements indicated in bold.

"During the entire life cycle, i.e. during the design, development, and maintenance of the TCB, a configuration management system shall be in place for all security-relevant hardware, firmware, and software that maintains control of changes to the formal model, the descriptive and formal top-level specifications, other design data, implementation documentation, source code, the running version of the object code, and test fixtures and documentation. The configuration management system shall assure a consistent mapping among all documentation and code associated with the current version of the TCB. Tools shall be provided for generation of a new version of the TCB from source code. Also available shall be tools, maintained under strict configuration control, for comparing a newly generated version with the previous TCB version in order to ascertain that only the intended changes have been made in the code that will actually be used as the new version of the TCB. A combination of technical, physical, and procedural safeguards shall be used to protect from unauthorized modification or destruction the master copy or copies of all material used to generate the TCB."

Since most Department of Defense AIS are required to meet C2 functionality, the CM requirement of DoDS does not formally apply. What generally occurs at the organization level is that provisions for hardware CM are provided based on an interpretation of other documents. The requirements of these documents are applied directly to the equipment as used in specific applications. For software-related CM that may be applied at the C2 level, the interpretation is generally based on the general life-cycle assurance provisions of class C2 under DoDS
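The comparison tooling required by the B2/B3 text above can be sketched as follows. This is an added illustration, not code from the chapter or from any DoD or Navy tool: it hashes the previous and the newly generated TCB trees, classifies every difference, and checks each one against an approved change list. The file names, the sample trees and the approved-change format are constructed assumptions.

```python
"""Compare a newly generated TCB build with the previous baseline.

Added illustration: file names, tree layout and the approved-change
format are constructed for this example.
"""
from __future__ import annotations

import hashlib
import tempfile
from pathlib import Path


def build_manifest(root: Path) -> dict[str, str]:
    """Map every file under root (relative POSIX path) to its SHA-256."""
    manifest = {}
    for path in sorted(root.rglob("*")):
        if path.is_file():
            digest = hashlib.sha256(path.read_bytes()).hexdigest()
            manifest[path.relative_to(root).as_posix()] = digest
    return manifest


def compare_versions(previous: dict[str, str], new: dict[str, str]) -> dict[str, list[str]]:
    """Classify every difference between two manifests."""
    common = previous.keys() & new.keys()
    return {
        "added": sorted(new.keys() - previous.keys()),
        "removed": sorted(previous.keys() - new.keys()),
        "modified": sorted(p for p in common if previous[p] != new[p]),
    }


def audit_changes(delta: dict[str, list[str]], approved: dict[str, str]):
    """Check observed changes against the approved change list.

    approved maps a path to the one kind of change authorized for it
    ("added", "removed" or "modified"). Returns (unauthorized, missing):
    changes nobody approved, and approved changes that never happened.
    """
    unauthorized, observed = [], set()
    for kind, paths in delta.items():
        for path in paths:
            if approved.get(path) == kind:
                observed.add(path)
            else:
                unauthorized.append((kind, path))
    missing = sorted(set(approved) - observed)
    return sorted(unauthorized), missing


def write_tree(root: Path, files: dict[str, bytes]) -> None:
    """Create the constructed sample tree on disk."""
    for rel, content in files.items():
        target = root / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_bytes(content)


def demo():
    """Run the comparison on two constructed TCB versions."""
    previous_files = {
        "kernel/access_check.o": b"access check v1",
        "kernel/audit_log.o": b"audit log v1",
        "kernel/login.o": b"login v1",
        "docs/dtls.txt": b"DTLS rev A",
    }
    new_files = {
        "kernel/access_check.o": b"access check v2",    # approved change
        "kernel/audit_log.o": b"audit log v1 patched",  # not approved
        "kernel/login.o": b"login v1",                  # unchanged
        "docs/dtls.txt": b"DTLS rev A",                 # approved update never made
        "kernel/debug_hook.o": b"debug hook",           # unexpected new file
    }
    # The approved change covers the code and its specification together,
    # reflecting the "consistent mapping" between documentation and code.
    approved = {
        "kernel/access_check.o": "modified",
        "docs/dtls.txt": "modified",
    }
    with tempfile.TemporaryDirectory() as tmp:
        prev_root, new_root = Path(tmp, "previous"), Path(tmp, "new")
        write_tree(prev_root, previous_files)
        write_tree(new_root, new_files)
        delta = compare_versions(build_manifest(prev_root), build_manifest(new_root))
    unauthorized, missing = audit_changes(delta, approved)
    return delta, unauthorized, missing


if __name__ == "__main__":
    delta, unauthorized, missing = demo()
    print("differences:", delta)
    print("unauthorized:", unauthorized)
    print("approved but not found:", missing)
```

Digest comparison of object code is only meaningful when the build is reproducible; otherwise every rebuilt file is reported as modified.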

How the Navy Performs Configuration Management (CM)

Software-related CM information is widely distributed. However, formal hardware-related CM information is not readily available from most organizations. The Navy has an extensive CM program and will be the focus of this section.

In the Navy's "AIS Security Manual", the Navy applies configuration management as a quality-assurance function. These requirements are taken directly from DoDD One of the control objectives of configuration management is to assure that the security policy has been implemented correctly by a particular AIS, and that the system's protection-relevant elements accurately enforce the intent of that policy. This assurance must include a guarantee that the trusted portion of the system works only as intended. To accomplish these objectives, the AIS Security Manual specifies that two types of assurance are needed:

"They are life-cycle assurance and operational assurance. Life-cycle assurance refers to steps taken by an organization to ensure that the system is designed, developed, and maintained using formalized and rigorous controls and standards. Computer systems that process and store sensitive or classified information depend on the hardware and software to protect that information. It follows that the hardware and software themselves must be protected against unauthorized changes that could cause protection mechanisms to malfunction or be bypassed completely."

Reevaluation is necessary whenever changes are made that could affect the integrity of the protection mechanisms. The Navy feels that the hardware and software interpretation of the security policy will remain accurate and undistorted.
Navy Assurance Control Objectives

The AIS Security Manual states that:

"While life-cycle assurance is concerned with procedures for managing system design, development, and maintenance; operational assurance focuses on features and system architecture used to ensure that the security policy is enforced without circumvention during system operation. That is, the security policy must be integrated into the hardware and software protection features of the system."

"Systems that are used to process or handle classified or other sensitive information must be designed to guarantee correct and accurate interpretation of the security policy and must not distort the intent of that policy. Assurance must be provided that correct implementation and operation of the policy exists throughout the system's life-cycle."

Navy CM for Workstations and AIS Terminals

The Navy has developed an extensive configuration management program, based on the requirements of DoDD Included below is the relevant text from Chapter 26 of the Navy's AIS Security Manual.

NAVY CM FOR TERMINALS & WORKSTATIONS: CM is that part of security concerned with the management of changes made to an AIS throughout the development and operational life cycle. CM protects against unauthorized modifications. CM provides both control of potential compromises and accountability for changes made.

"26.1 General. Configuration Management is that part of security concerned with the management of changes made to an Automated Information System (AIS) throughout the development and operational life of the system. Configuration Management protects a system against unauthorized modifications and ensures that all the properties of a system are maintained after an authorized modification. Configuration Management provides both control and accountability for all modifications made to a system. Configuration Management also provides assurance that changes made to a classified system do not compromise the original classification of the system."

" Objective. This Chapter should provide all personnel in AIS environments with enough information concerning configuration management to identify those who are responsible for configuration management of AISs. It will also help determine where configuration management should be practiced, when configuration management should be implemented, and why configuration management is an important AIS security procedure."

"26.2 Roles and Responsibilities. The overall responsibility to identify, control, and monitor the computer system's configuration posture is shared between the Automated Data Processing Security Officer (ADPSO), the Automated Data Processing System Security Officer (ADPSSO), and the AIS users."

" ADP Security Officer (ADPSO). The ADPSO will:

"a. Provide policy guidance and interpretation of DOD/DON policies concerning Configuration Management."

"b. Identify written procedures for requesting changes to an AIS's configuration."

"c. Assist in the analysis of the system configuration and processes to determine the correct classification of the system."

"d. Monitor changes to the system configuration to ensure that the system is classified correctly and that the appropriate security measures are incorporated in the system design."

" ADP System Security Officer (ADPSSO). The ADPSSO will:

"a. Identify the type of user awareness training needed to protect the integrity of the AIS."

"b. Maintain a terminal/microcomputer locator list."

"c. Track the movement of terminals/microcomputers within the AIS configuration."

"d. In a large-scale AIS environment, review the system specification to ensure that the appropriate security measures are intact."

"e. In a large-scale AIS environment, ensure that the system integrity is maintained by verifying that only the System Administrator or an authorized person has the capability to make changes to the system."

"f. Ensure that configuration management is in place and conforms to the established policies identified by the ADPSO."

"g. Identify the hardware and software/firmware in the AIS configuration."

"h. Receive and review all change requests to the AIS configuration."

"i. Document and report all changes, especially those affecting AIS users."

"j. Verify that changes made to the AIS configuration are functionally correct by testing the AIS processes."

" High-Level AIS Environment. In high-level AIS environments where large scale AISs such as mainframes are used, a Configuration Control Board should be established. This Board normally consists of the key personnel who are responsible for programming, software testing, hardware maintenance, and technical support of the AISs."

" Configuration Control Board (CCB). The CCB should consist of the following members who are jointly responsible for:

"a. Scheduling meetings to discuss Configuration Management topics such as proposed changes, configuration status, accounting reports, and other topics that may be of interest to the different areas of the system development."

"b. Prioritizing the approved modifications to the AISs to ensure that those system modifications that are most important are implemented first."

"c. Verifying that only the approved modifications have been incorporated into the AIS once changes have been completed."

" System Administrator. The System Administrator is responsible for monitoring and controlling the system configuration. The System Administrator is also considered the Program Manager. He/she will assist in the analysis and review of the requested modifications of the system design. The System Administrator should be the only person with system permission to modify the system design after authorization has been granted by the CCB.

" System Programmer. When directed by the System Administrator, the System Programmer is responsible for making approved software changes. The System Programmer should also be able to perform emergency software fixes and changes when required.

" Integration and Quality Assurance Personnel. The Integration and Quality Assurance Personnel are responsible for loading and testing all AIS software.

" System Engineer. The System Engineer is responsible for ensuring that the AIS is functioning at normal capacity. The System Engineer can provide valuable recommendations and opinions on proposed changes to the AIS.

" Security Engineer. The Security Engineer is responsible for putting in place the security measures necessary to meet the security requirements associated with the highest classification of the information processed on the AIS. The Security Engineer will also provide recommendations and comments on the security impact of the proposed changes to the AIS.

" Hardware and Software/Firmware Supply Officer. The Hardware and Software/Firmware Supply Officer can best determine if there is a product available that will provide the capability identified in the change request. Commercial items which meet government standards may be purchased if they are approved by the CCB.

" Technical Support Personnel. Technical Support Personnel consist of representatives from the remaining technical support areas of the AIS environment. These representatives will assist in the analysis of the requested changes, especially if the changes will impact their area of expertise. Their contributions will ensure that unnecessary and contradictory changes are prevented.

" Technical Librarian. The Technical Librarian will maintain an up-to-date accounting of all changes to technical documentation maintained in the Technical Library. The Technical Librarian will furnish copies of appropriate documentation to the System Programmer to assist them in the system analysis and modification.

" AIS User Group. The AIS users will normally submit the AIS change request. When requested changes are submitted from someone other than the system user, the system user should review the request to ensure that the change would enhance and not hamper the system's performance. The AIS user should:

"a. Notify the ADPSSO when an unannounced change to the AIS configuration is detected or when the system fails to do what it is intended to do."

"b. Propose modifications/enhancements to the AIS system."

"c. Test the system's performance after a modification has been completed."

"d. Practice the recommended security safeguards to protect the integrity of the AIS."

"26.3 Procedures. Configuration Management consists primarily of four separate tasks: identification, control, status accounting, and auditing. For every change to the AIS, these four tasks should be carried out.

" Configuration Identification. The first step in Configuration Management is to identify the configuration of the system. The basic function of configuration identification is:

"a. To identify the components of the system design."

"b. To use, in high level AIS environments, configuration items and baselines to accurately identify the configuration of the system throughout the system's life-cycle."

" Configuration Items. Configuration Item is the unique subset of the system configuration that represents the smallest portion of the system."

" Configuration Baselines. The Baseline concept is a technique used to identify the system configuration. A baseline should identify a specific version of a system or major milestones in the system's development. There are three types of baselines:

"1. Functional Baseline;

"2. Allocated Baseline;

"3. Product Baseline.

" Functional Baseline. The Functional Baseline is established at the system level. It is based on documented user-defined system requirements. Once the functional baseline is established, any modifications made should be approved by the CCB.

" Allocated Baseline. The Allocated Baseline will be established after the analysis of the system requirements. This baseline identifies all of the required functions with a specific configuration item which is responsible for the function.

" Product Baseline. The Product Baseline should contain that version of the system that will be turned over for integration testing. This baseline signifies the end of the development phase and should contain a releasable version of the system.

NAVY CONFIGURATION BASELINES: The Baseline concept is a technique used to identify the system configuration. A baseline should identify a specific version of a system or major milestones in the system's development. Navy defines Functional Baselines, Allocated Baselines, and Product Baselines.

" Configuration Control. Configuration Control should be practiced throughout the system's life-cycle. It requires controlling every change to the system documentation, hardware, and software/firmware by thoroughly reviewing and analyzing all requested changes before disapproving or authorizing those changes.

" Configuration Status Accounting. After the components of the system have been identified, Configuration Status Accounting should be used to record and report on the configuration of the system throughout all changes.

" Configuration Audit. The final requirement is that the system configuration be audited to verify that the completed changes are functionally correct and consistent with the security policy of the system.

" Configuration Management Plan. In order to successfully manage an AIS configuration, a well thought-out plan should be prepared immediately after project initiation. The Configuration Management Plan should:

"a. Define how the configuration management will be implemented as it relates to the identification, control, accounting, and auditing tasks.

"b. Define the roles played by the system designers, system developers, management, security staff, and the Configuration Control Board.

"c. Define the procedures to be followed during configuration management.

"d. Define any existing emergency procedures; for example, procedures for performing a time-sensitive change.

"e. Ensure that the security features and assurances supported by the Plan are still maintained after the change."

THE CM PLAN: Defines how configuration management will be implemented, individual responsibilities, and change procedures, and ensures life-cycle support of security features.

Air Force System Security Engineering Management

The U.S. Air Force has implemented MIL-STD in an attempt to provide overall control of security-related functions within the total acquisition process. System Security Engineering Management (SSEM) is an element of systems engineering that applies scientific and engineering principles to identify and reduce overall security vulnerabilities from all INFOSEC functions. SSEM can be applied at all levels of complexity from box design to network control to enhance quality assurance. In essence, SSEM imposes security-oriented configuration management, through the implementation of appropriate security requirements, on all related functions and devices within the life cycle of a program.

Specified Minimum Hardware CM Needed to Maintain Security

This section addresses hardware-related configuration management information. It describes the relevant technologies and applicable requirements documentation used to measure or control these technologies.

Applicable Technologies

Information security (INFOSEC) is an all-encompassing term used to describe all measures intended to prevent unauthorized access to or distribution of classified information. It is composed of three principal components: emission security (TEMPEST), computer security (COMPUSEC), and communications security (COMSEC). All three INFOSEC components play a direct role in the network's protection, along with other components. While each component has a unique meaning, some of these meanings may be unclear and overlap in the modern computer network-based communication age.

COMPUSEC means protective (usually software) measures to prevent the unauthorized access to or use of automated data processing (computer-based) information. COMSEC or communications security means measures taken to deny unauthorized persons access to telecommunications information. This usually involves a proper isolation between RED (non-

2 MIL-STD 1785, Systems Security Engineering Program Requirements, as implemented by AFR 207-1, 3 October


More information

Information Security Management System

Information Security Management System Information Security Management System Based on ISO/IEC 17799 Houman Sadeghi Kaji Spread Spectrum Communication System PhD., Cisco Certified Network Professional Security Specialist BS7799 LA info@houmankaji.net

More information

CIP Cyber Security Configuration Change Management and Vulnerability Assessments

CIP Cyber Security Configuration Change Management and Vulnerability Assessments CIP-010-2 Cyber Security Configuration Change Management and Vulnerability Assessments A. Introduction 1. Title: Cyber Security Configuration Change Management and Vulnerability Assessments 2. Number:

More information

DFARS Cyber Rule Considerations For Contractors In 2018

DFARS Cyber Rule Considerations For Contractors In 2018 Portfolio Media. Inc. 111 West 19 th Street, 5th Floor New York, NY 10011 www.law360.com Phone: +1 646 783 7100 Fax: +1 646 783 7161 customerservice@law360.com DFARS Cyber Rule Considerations For Contractors

More information

Automated Firewall Change Management Securing change management workflow to ensure continuous compliance and reduce risk

Automated Firewall Change Management Securing change management workflow to ensure continuous compliance and reduce risk Automated Firewall Change Management Securing change management workflow to ensure continuous compliance and reduce risk Skybox Security Whitepaper January 2015 Executive Summary Firewall management has

More information

TABLE OF CONTENTS. Page REFERENCES 5 DEFINITIONS 8 ABBREVIATIONS AND/OR ACRONYMS 18 C1. CHAPTER 1 - INTRODUCTION 20

TABLE OF CONTENTS. Page REFERENCES 5 DEFINITIONS 8 ABBREVIATIONS AND/OR ACRONYMS 18 C1. CHAPTER 1 - INTRODUCTION 20 1 2 FOREWORD TABLE OF CONTENTS Page REFERENCES 5 DEFINITIONS 8 ABBREVIATIONS AND/OR ACRONYMS 18 C1. CHAPTER 1 - INTRODUCTION 20 C1.1. BACKGROUND 20 C1.2. TECHNOLOGY OVERVIEW 21 C1.3. DITSCAP OBJECTIVE

More information

Department of Public Health O F S A N F R A N C I S C O

Department of Public Health O F S A N F R A N C I S C O PAGE 1 of 7 Category: Information Technology Security and HIPAA DPH Unit of Origin: Department of Public Health Policy Owner: Phillip McDown, CISSP Phone: 255-3577 CISSPCISSP/C Distribution: DPH-wide Other:

More information

Certified Information Systems Auditor (CISA)

Certified Information Systems Auditor (CISA) Certified Information Systems Auditor (CISA) 1. Domain 1 The Process of Auditing Information Systems Provide audit services in accordance with IT audit standards to assist the organization in protecting

More information

Compliance Brief: The National Institute of Standards and Technology (NIST) , for Federal Organizations

Compliance Brief: The National Institute of Standards and Technology (NIST) , for Federal Organizations VARONIS COMPLIANCE BRIEF NATIONAL INSTITUTE OF STANDARDS AND TECHNOLOGY (NIST) 800-53 FOR FEDERAL INFORMATION SYSTEMS CONTENTS OVERVIEW 3 MAPPING NIST 800-53 CONTROLS TO VARONIS SOLUTIONS 4 2 OVERVIEW

More information

NEN The Education Network

NEN The Education Network NEN The Education Network School e-security Checklist This checklist sets out 20 e-security controls that, if implemented effectively, will help to ensure that school networks are kept secure and protected

More information

Standard CIP Cyber Security Critical Cyber Asset Identification

Standard CIP Cyber Security Critical Cyber Asset Identification Standard CIP 002 1 Cyber Security Critical Cyber Asset Identification Standard Development Roadmap This section is maintained by the drafting team during the development of the standard and will be removed

More information

IECEx Guide Guidance for Applications from Service Facilities seeking IECEx Certification

IECEx Guide Guidance for Applications from Service Facilities seeking IECEx Certification IECEx Guide Guidance for Applications from Service Facilities seeking IECEx Certification INTERNATIONAL ELECTROTECHNICAL COMMISSION SCHEME FOR CERTIFICATION TO STANDARDS RELATING TO EQUIPMENT FOR USE IN

More information

Effective Threat Modeling using TAM

Effective Threat Modeling using TAM Effective Threat Modeling using TAM In my blog entry regarding Threat Analysis and Modeling (TAM) tool developed by (Application Consulting and Engineering) ACE, I have watched many more Threat Models

More information

1. Post for 45-day comment period and pre-ballot review. 7/26/ Conduct initial ballot. 8/30/2010

1. Post for 45-day comment period and pre-ballot review. 7/26/ Conduct initial ballot. 8/30/2010 Standard CIP 011 1 Cyber Security Protection Standard Development Roadmap This section is maintained by the drafting team during the development of the standard and will be removed when the standard becomes

More information

Page 1 of 15. Applicability. Compatibility EACMS PACS. Version 5. Version 3 PCA EAP. ERC NO ERC Low Impact BES. ERC Medium Impact BES

Page 1 of 15. Applicability. Compatibility EACMS PACS. Version 5. Version 3 PCA EAP. ERC NO ERC Low Impact BES. ERC Medium Impact BES 002 5 R1. Each Responsible Entity shall implement a process that considers each of the following assets for purposes of parts 1.1 through 1.3: i. Control Centers and backup Control Centers; ii. Transmission

More information

Service Description: CNS Federal High Touch Technical Support

Service Description: CNS Federal High Touch Technical Support Page 1 of 1 Service Description: CNS Federal High Touch Technical Support This service description ( Service Description ) describes Cisco s Federal High Touch Technical support (CNS-HTTS), a tier 2 in

More information

Information Security Controls Policy

Information Security Controls Policy Information Security Controls Policy Classification: Policy Version Number: 1-00 Status: Published Approved by (Board): University Leadership Team Approval Date: 30 January 2018 Effective from: 30 January

More information

Standard CIP Cyber Security Critical Cyber Asset Identification

Standard CIP Cyber Security Critical Cyber Asset Identification Standard CIP 002 1 Cyber Security Critical Cyber Asset Identification Standard Development Roadmap This section is maintained by the drafting team during the development of the standard and will be removed

More information

CNSS Advisory Memorandum Information Assurance December 2010 Advisory Memorandum

CNSS Advisory Memorandum Information Assurance December 2010 Advisory Memorandum December 2010 Advisory Memorandum Reducing the Risk of Removable Media in National Security Systems NATIONAL MANAGER FOREWORD 1. Using removable media presents serious risks to the security of National

More information

Client Computing Security Standard (CCSS)

Client Computing Security Standard (CCSS) Client Computing Security Standard (CCSS) 1. Background The purpose of the Client Computing Security Standard (CCSS) is to (a) help protect each user s device from harm, (b) to protect other users devices

More information

NATIONAL COMPUTER SECURITY CENTER A GUIDE TO PROCUREMENT OF SINGLE AND CONNECTED SYSTEMS

NATIONAL COMPUTER SECURITY CENTER A GUIDE TO PROCUREMENT OF SINGLE AND CONNECTED SYSTEMS RATIONAL COMFDTEB SECÜBITT; "CHUBB NCSC TECHNICAL REPORT-004 Library No. S-241,359 NATIONAL COMPUTER SECURITY CENTER 19980513 111 A GUIDE TO PROCUREMENT OF SINGLE AND CONNECTED SYSTEMS LANGUAGE FOR RFP

More information

Handbook Webinar

Handbook Webinar 800-171 Handbook Webinar Pat Toth Cybersecurity Program Manager National Institute of Standards and Technology (NIST) Manufacturing Extension Partnership (MEP) NIST MEP 800-171 Assessment Handbook Step-by-step

More information

MIS Week 9 Host Hardening

MIS Week 9 Host Hardening MIS 5214 Week 9 Host Hardening Agenda NIST Risk Management Framework A quick review Implementing controls Host hardening Security configuration checklist (w/disa STIG Viewer) NIST 800-53Ar4 How Controls

More information

CIP Cyber Security Configuration Management and Vulnerability Assessments

CIP Cyber Security Configuration Management and Vulnerability Assessments Standard Development Timeline This section is maintained by the drafting team during the development of the standard and will be removed when the standard becomes effective. Development Steps Completed

More information

ANZSCO Descriptions The following list contains example descriptions of ICT units and employment duties for each nominated occupation ANZSCO code. And

ANZSCO Descriptions The following list contains example descriptions of ICT units and employment duties for each nominated occupation ANZSCO code. And ANZSCO Descriptions The following list contains example descriptions of ICT units and employment duties for each nominated occupation ANZSCO code. Content 261311 - Analyst Programmer... 2 135111 - Chief

More information

ISO/IEC Solution Brief ISO/IEC EventTracker 8815 Centre Park Drive, Columbia MD 21045

ISO/IEC Solution Brief ISO/IEC EventTracker 8815 Centre Park Drive, Columbia MD 21045 Solution Brief 8815 Centre Park Drive, Columbia MD 21045 About delivers business critical software and services that transform high-volume cryptic log data into actionable, prioritized intelligence that

More information

Chapter 8: SDLC Reviews and Audit Learning objectives Introduction Role of IS Auditor in SDLC

Chapter 8: SDLC Reviews and Audit Learning objectives Introduction Role of IS Auditor in SDLC Chapter 8: SDLC Reviews and Audit... 2 8.1 Learning objectives... 2 8.1 Introduction... 2 8.2 Role of IS Auditor in SDLC... 2 8.2.1 IS Auditor as Team member... 2 8.2.2 Mid-project reviews... 3 8.2.3 Post

More information

Cyber Security Program

Cyber Security Program Cyber Security Program Cyber Security Program Goals and Objectives Goals Provide comprehensive Security Education and Awareness to the University community Build trust with the University community by

More information

Cyber Security Incident Report

Cyber Security Incident Report Cyber Security Incident Report Technical Rationale and Justification for Reliability Standard CIP-008-6 January 2019 NERC Report Title Report Date I Table of Contents Preface... iii Introduction... 1 New

More information

ASSURANCE CONTINUITY: CCRA REQUIREMENTS

ASSURANCE CONTINUITY: CCRA REQUIREMENTS ASSURANCE CONTINUITY: CCRA REQUIREMENTS VERSION 2.1 JUNE 2012 1 INTRODUCTION...3 1.1 SCOPE...3 1.2 APPROACH...3 1.3 CONTENTS...3 2 TECHNICAL CONCEPTS...4 2.1 ASSURANCE CONTINUITY PURPOSE...4 2.2 TERMINOLOGY...4

More information

Systems Engineering and System Security Engineering Requirements Analysis and Trade-Off Roles and Responsibilities

Systems Engineering and System Security Engineering Requirements Analysis and Trade-Off Roles and Responsibilities Systems Engineering and System Security Engineering Requirements Analysis and Trade-Off Roles and Responsibilities Melinda Reed Office of the Deputy Assistant Secretary of Defense for Systems Engineering

More information

Unofficial Comment Form Project Modifications to CIP Standards Virtualization in the CIP Environment

Unofficial Comment Form Project Modifications to CIP Standards Virtualization in the CIP Environment Unofficial Comment Form Project 2016-02 Modifications to CIP Standards Virtualization in the CIP Environment Do not use this form for submitting comments. Use the electronic form to submit comments on

More information

Networks - Technical specifications of the current networks features used vs. those available in new networks.

Networks - Technical specifications of the current networks features used vs. those available in new networks. APPENDIX V TECHNICAL EVALUATION GUIDELINES Where applicable, the following guidelines will be applied in evaluating the system proposed by a service provider: TABLE 1: HIGH LEVEL COMPONENTS Description

More information

University of Pittsburgh Security Assessment Questionnaire (v1.7)

University of Pittsburgh Security Assessment Questionnaire (v1.7) Technology Help Desk 412 624-HELP [4357] technology.pitt.edu University of Pittsburgh Security Assessment Questionnaire (v1.7) Directions and Instructions for completing this assessment The answers provided

More information

Committee on National Security Systems. CNSS Policy No. 14 November 2002

Committee on National Security Systems. CNSS Policy No. 14 November 2002 Committee on National Security Systems CNSS Policy No. 14 November 2002 National Policy Governing the Release of Information Assurance (IA) Products and Services to Authorized U.S. Persons or Activities

More information

BUILDING CYBERSECURITY CAPABILITY, MATURITY, RESILIENCE

BUILDING CYBERSECURITY CAPABILITY, MATURITY, RESILIENCE BUILDING CYBERSECURITY CAPABILITY, MATURITY, RESILIENCE 1 WHAT IS YOUR SITUATION? Excel spreadsheets Manually intensive Too many competing priorities Lack of effective reporting Too many consultants Not

More information

Exam Questions IIA-CGAP

Exam Questions IIA-CGAP Exam Questions IIA-CGAP Certified Government Auditing Professional https://www.2passeasy.com/dumps/iia-cgap/ 1. Help define the role and responsibilities of auditors to internal and external entities.

More information

Information Security Office. Server Vulnerability Management Standards

Information Security Office. Server Vulnerability Management Standards Information Security Office Server Vulnerability Management Standards Revision History Revision Date Revised By Summary of Revisions Section(s) / Page(s) Revised 6/1/2013 S. Gucwa Initial Release All 4/15/2015

More information

A company built on security

A company built on security Security How we handle security at Flywheel Flywheel was founded in 2012 on a mission to create an exceptional platform to help creatives do their best work. As the leading WordPress hosting provider for

More information

The HITRUST CSF. A Revolutionary Way to Protect Electronic Health Information

The HITRUST CSF. A Revolutionary Way to Protect Electronic Health Information The HITRUST CSF A Revolutionary Way to Protect Electronic Health Information June 2015 The HITRUST CSF 2 Organizations in the healthcare industry are under immense pressure to improve quality, reduce complexity,

More information

Safeguarding Unclassified Controlled Technical Information

Safeguarding Unclassified Controlled Technical Information Safeguarding Unclassified Controlled Technical Information (DFARS Case 2011-D039): The Challenges of New DFARS Requirements and Recommendations for Compliance Version 1 Authors: Justin Gercken, TSCP E.K.

More information

Virginia State University Policies Manual. Title: Change/Configuration Management Policy: 6810 A. Purpose

Virginia State University Policies Manual. Title: Change/Configuration Management Policy: 6810 A. Purpose A. Purpose Virginia State University (VSU) management in an effort to preserve the integrity and stability of its systems and infrastructure has established a change management policy that will govern

More information

NIST Security Certification and Accreditation Project

NIST Security Certification and Accreditation Project NIST Security Certification and Accreditation Project An Integrated Strategy Supporting FISMA Dr. Ron Ross Computer Security Division Information Technology Laboratory 1 Today s Climate Highly interactive

More information

Best Practices in ICS Security for System Operators

Best Practices in ICS Security for System Operators Best Practices in ICS Security for System Operators Introduction Industrial automation and control systems have become increasingly connected to internal and external networks. This exposure has resulted

More information

SYSTEMS ASSET MANAGEMENT POLICY

SYSTEMS ASSET MANAGEMENT POLICY SYSTEMS ASSET MANAGEMENT POLICY Policy: Asset Management Policy Owner: CIO Change Management Original Implementation Date: 7/1/2017 Effective Date: 7/1/2017 Revision Date: Approved By: NIST Cyber Security

More information

5.10 CUSTOMER SPECIFIC DESIGN AND ENGINEERING SERVICES (L )

5.10 CUSTOMER SPECIFIC DESIGN AND ENGINEERING SERVICES (L ) 5.10 CUSTOMER SPECIFIC DESIGN AND ENGINEERING SERVICES (L.34.1.5) Qwest s Networx Customer Specific Design and Engineering Services provide systems and applications test facilities domestically and nondomestically

More information

3. LABOR CATEGORY DESCRIPTIONS

3. LABOR CATEGORY DESCRIPTIONS 3. LABOR CATEGORY DESCRIPTIONS 001 - Consulting Systems Advisor Fifteen or more (15+) years of experience within the industry. The Consulting System Advisor develops and applies advanced methods, theories,

More information

ITG. Information Security Management System Manual

ITG. Information Security Management System Manual ITG Information Security Management System Manual This manual describes the ITG Information Security Management system and must be followed closely in order to ensure compliance with the ISO 27001:2005

More information

ITG. Information Security Management System Manual

ITG. Information Security Management System Manual ITG Information Security Management System Manual This manual describes the ITG Information Security Management system and must be followed closely in order to ensure compliance with the ISO 27001:2005

More information

Security Standards for Electric Market Participants

Security Standards for Electric Market Participants Security Standards for Electric Market Participants PURPOSE Wholesale electric grid operations are highly interdependent, and a failure of one part of the generation, transmission or grid management system

More information

A Supply Chain Attack Framework to Support Department of Defense Supply Chain Security Risk Management

A Supply Chain Attack Framework to Support Department of Defense Supply Chain Security Risk Management A Supply Chain Attack Framework to Support Department of Defense Supply Chain Security Risk Management D r. J o h n F. M i l l e r T h e M I T R E C o r p o r a t i o n P e t e r D. K e r t z n e r T h

More information

A Guide to Understanding Audit in Trusted Systems

A Guide to Understanding Audit in Trusted Systems A Guide to Understanding Audit in Trusted Systems NATIONAL COMPUTER SECURITY CENTER FORT GEORGE G. MEADE, MARYLAND 20755-6000 NCSC-TG-001 VERSION-2 Library No. S-228,470 FOREWORD This publication, "A Guide

More information

Network Visibility and Segmentation

Network Visibility and Segmentation Network Visibility and Segmentation 2019 Cisco and/ or its affiliates. All rights reserved. Contents Network Segmentation A Services Approach 3 The Process of Segmentation 3 Segmentation Solution Components

More information

Information Technology General Control Review

Information Technology General Control Review Information Technology General Control Review David L. Shissler, Senior IT Auditor, CPA, CISA, CISSP Office of Internal Audit and Risk Assessment September 15, 2016 Background Presenter Senior IT Auditor

More information